package com.wht.shiro;

import com.wht.domain.DtsAdmin;
import com.wht.service.DtsAdminService;
import com.wht.service.DtsPermissionService;
import com.wht.service.DtsRoleService;
import com.wht.util.bcrypt.BCryptPasswordEncoder;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

import java.util.List;
import java.util.Set;

/**
 * @author wanghaotian
 * time:2022/12/01,0001 19:48
 * description:
 */

public class AdminAuthorizingRealm extends AuthorizingRealm {

    private static final Logger logger = LoggerFactory.getLogger(AdminAuthorizingRealm.class);

    @Autowired
    private DtsAdminService adminService;

    @Autowired
    private DtsRoleService roleService;

    @Autowired
    private DtsPermissionService permissionService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        if(principals == null){
            throw new AuthorizationException("[AdminAuthorizingRealm类, doGetAuthorizationInfo方法] 授权用户不能为空!");
        }
        DtsAdmin admin = (DtsAdmin) getAvailablePrincipal(principals);
        Integer[] roleIds = admin.getRoleIds();
        Set<String> roles = roleService.queryByIds(roleIds);
        Set<String> permissions = permissionService.queryByRoleIds(roleIds);
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setRoles(roles);
        info.setStringPermissions(permissions);
        return info;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        UsernamePasswordToken upToken =(UsernamePasswordToken) token;
        String username = upToken.getUsername();
        String password = new String(upToken.getPassword());
        if(StringUtils.isEmpty(username)){
            throw new AccountException("用户名不能为空");
        }
        if(StringUtils.isEmpty(password)){
            throw new AccountException("密码不能为空");
        }
        List<DtsAdmin> adminList = adminService.findAdmin(username);
        Assert.state(adminList.size() < 2, "同一个用户名存在两个账户");
        if(adminList.size() == 0){
            logger.error("找不到用户("+username+")的账号信息");
            throw new UnknownAccountException("找不到用户("+username+")的账号信息");
        }
        DtsAdmin admin = adminList.get(0);
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        if(!encoder.matches(password, admin.getPassword())){
            logger.error("找不到用户("+username+")的账号信息");
            throw new UnknownAccountException("找不到用户("+username+")的账号信息");
        }
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(admin, password, this.getName());

        return info;
    }
}
